Commit Graph

2193 Commits (5d889cca13fb9b1c3616e167fb3f07d97e06546c)

Author SHA1 Message Date
Thomas Bruederli 7f992eac3d Bump version + add CVE ID 7 years ago
Aleksander Machniak e757cc4101 Fix file disclosure vulnerability caused by insuficient input validation in relation with attachment plugins (#6026) 7 years ago
Thomas Bruederli 4181f29608 Bump version to 1.1.9 8 years ago
Thomas Bruederli f1483204c7 Bump version to 1.1.8 8 years ago
Thomas Bruederli 4c1394cf2d Bump version to 1.1.7 8 years ago
Thomas Bruederli 802d119153 Bump version to 1.1.6 8 years ago
Aleksander Machniak fbf89913a3 Fix missing localization of HTML editor when assets_dir != INSTALL_PATH
Conflicts:
	CHANGELOG
9 years ago
Thomas Bruederli 25bc871ee7 Bump version to 1.1.5 9 years ago
Aleksander Machniak ead0846934 Plugin API: Add html2text hook (backport from master) 9 years ago
Aleksander Machniak c91d4975ff Make sure an email address is valid when replacing it with mailto: link 9 years ago
Aleksander Machniak 126d099e83 Fix PHP warning when defaults.inc.php is not readable 9 years ago
Thomas Bruederli 699af1e520 Protect download urls against CSRF using unique request tokens (#1490642)
Send X-Frame-Options headers with every HTTP response

Conflicts:
	plugins/enigma/enigma.js
	plugins/enigma/lib/enigma_ui.php
	program/lib/Roundcube/rcube_message.php
9 years ago
Aleksander Machniak d66793f0af Fix missing emoticons on html-to-text conversion 9 years ago
Thomas Bruederli f2ff464002 Bump version to 1.1.4; update Changelog 9 years ago
Aleksander Machniak 89a5dcb946 Fix path traversal vulnerability in setting a skin (#1490620)
Conflicts:

	CHANGELOG
9 years ago
Aleksander Machniak 70942083ce After failed login wait a second to slow down brute-force attacks (#1490549) 9 years ago
Aleksander Machniak bbef212b0e Fallback to C locale 9 years ago
Aleksander Machniak 7bfe676d53 Fix various issues with Turkish (and similar) locales (#1490519) 9 years ago
Thomas Bruederli 106d47992b Bump version and update changelog 9 years ago
Aleksander Machniak 19a61851ae Fix so imap folder attribute comparisons are case-insensitive (#1490466)
+ make in_array_nocase() much faster for ASCII strings
9 years ago
Aleksander Machniak 15fd8f9dc7 Fix XSS vulnerability in _mbox argument handling (#1490417) 10 years ago
Aleksander Machniak 5529d94ed7 Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)
Conflicts:

	CHANGELOG
10 years ago
Thomas Bruederli f1ae19dc6b Bump version 10 years ago
Aleksander Machniak 84af0db103 Fix bug where some files could have "executable" extension when stored in temp folder (#1490377) 10 years ago
Thomas Bruederli c7a88ff0c2 Localize common error messages; improve explanation for CSRF check failures 10 years ago
Thomas Bruederli 2c0861495b Bump version for next release 10 years ago
Aleksander Machniak bbbd02bd6a Fix so "over quota" errors are displayed also in message compose page
This also fixes over quota responses on cyrus imap which uses "Over quota" string and no error identifier.
10 years ago
Aleksander Machniak 9e147a36ad Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function (#1490280) 10 years ago
Thomas Bruederli 2f8b1036da Bump version and copyright year 10 years ago
Aleksander Machniak 09d52dbb67 Fix some typos in comments 10 years ago
Thomas Bruederli be140e827d Don't reset 'plugins' config option when running from update.sh script 10 years ago
Aleksander Machniak c6efcf5e6d Fix blocked.gif image usage with assets_dir set 10 years ago
Thomas Bruederli b737021a90 Improve plugin selection in installer; check already selected plugins 10 years ago
Thomas B. 8e7ed506c4 Merge pull request #248 from flanpy/master
#1489096 : Ability to select plugins to enable in the installer
10 years ago
Aleksander Machniak 7259529fad Get rid of requests whitelist for security check bypass 10 years ago
Aleksander Machniak 681ba6fc3c Improve system security by using optional special URL with security token
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
10 years ago
Aleksander Machniak f7f4672649 Fix regression in rcmail::show_bytes() where unit was set to "[]" instead of "B" 10 years ago
Aleksander Machniak 0b36d15157 Add method to display operation (uploading) progress in UI message 10 years ago
Aleksander Machniak 2dfad0a564 Make upload progress text more compact.
E.g. "500 KB of 10 MB" becomes "0.5 of 10 MB"
10 years ago
Aleksander Machniak 9e4246d957 Code improvements and fixes (mostly unused variables and methods) 10 years ago
Flanpy 8f576d87d2 Add the ability to select plugins in the installer 10 years ago
Flanpy b8837e3f43 Add the ability to enable plugins in the installer 10 years ago
Thomas Bruederli 8d526c4938 Fix skin path handling in plugin context (#1488967):
The plugin skin directories are removed again from the search path after parsing of a plugin template has finished.
10 years ago
Aleksander Machniak 1ffab0ad4a Fix possible issues in skin/skin_path config handling (#1490125) 10 years ago
Aleksander Machniak 71dbeeee10 Skip unnecessary session updates on task switch - switch session task less often (#1490116) 10 years ago
andryyy 383724eb97 Update rcmail.php
Typo
10 years ago
Thomas Bruederli 91a449138e Add output class for commandline scripts 10 years ago
Aleksander Machniak 000f6ee304 Merge branch 'oracle' 10 years ago
Aleksander Machniak c2345747ac Add Oracle driver check in Installer 10 years ago
Thomas Bruederli 8ef203827f Make noshow attribute for roundcube:label tags actually work as supposed 10 years ago